How IT governance operates at a more detailed level is complex. Primarily, it is a sorting process (see Figure 1) used to respond to an ongoing stream of demands and opportunities for IT development and use. IT governance structures in any given context should be designed to respond to these demands and opportunities as necessary to achieve the desired outcomes by identifying the issues to be resolved. These issues are then distributed for decision making at different levels of government: individual agencies, federations of agencies acting in consort, or a central state-level organizational unit. The normal conduct of IT use in government generates a constant stream of decision requirements and responses to changes in the environment. Sorting through issues, demands, and opportunities requires (1) knowledge of a set of process questions related to decision and input rights and (2) accountability mechanisms such as those laid out by Weill & Ross. These two elements are complemented by the questions about context and value that emerged from the CTG project as critical to successful IT governance development initiatives.

While IT governance structures include a generic set of elements or capabilities, there are also context specific issues that must be responded to in the design, development and implementation processes.

The answers to these questions generate action at the relevant levels, which in turn produces results that flow back into the environment in the form of services, benefits, policies, resources, or other products of government action. Figure 1 shows three levels of distribution of the issues, roughly reflecting a generic governmental governance process. Similar representations could include different levels, but would follow the same basic principles.

This representation is useful in identifying the kinds and locations of actions and decisions that make up a governance framework. It is also useful in defining working relationships that are necessary for value to be gained. How each organization implements governance varies to some degree; however, our research supports previous assertions (Weill and Ross 2004) that there are three primary structures for enterprise IT decision making:

A centralized IT governance structure distributes authority and decision making power solely to a central body (or a state-level CIO).

A decentralized IT governance structure distributes all authority and decision-making power to individual business units (or state agencies).

In a federated IT governance structure, authority over decision-making is distributed between a central body and individual organizational units (or a state-level CIO and state agency CIOs).

The Scope of governance at any particular level refers to the range of issues covered by a governance structure. A broader scope of governance might include all of the possible IT issues in a particular setting, i.e., procurement, standards, architecture, policies, business-IT alignment; a more narrow scope might focus solely on standards development or procurement.

Authority arrangements refer to how power, rights, roles, and responsibilities are distributed between and among the related entities. Examples are the national, state, and local governments of a single country involved in a coordinated human services program or the three countries involved in a joint air quality management initiative.

Organizational structure refers to the operating structures of governance. It includes the specification of the entities that will be created, including their placement within a hierarchy and their reporting relationships. For example, a government-wide body might report to the top elected official, while a governance body created to support decisions about standards across a set of municipalities might report to a multi-organizational advisory body.

Membership refers to those individuals and organizational representatives who ought to be making decisions relevant to specific interoperability initiatives. It should recognize both formal relationships, such as established legal and statutory appointments, and informal ones established through various coordinating mechanisms such as communities of practice. A governance structure might include both a statutorily established enterprise-wide advisory body and a group that has appointed members from domain level informal collaborative efforts such as communities of practice.

Process refers to how the governance structure is implemented and used. It should identify specific coordination mechanisms and articulate the decision making rules and procedures. Ultimately, process clarifies the specific actions and behaviors that support the individual governance structures.